fe074f10c76c6f948e0975761331973876fac8b45a22932e43e2cd27d7a1778e

Analysis

max time kernel
51s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 04:01

Target

0c6d8e709835ab2957831ec81027ccea_JaffaCakes118.exe
Size

3.6MB
MD5

0c6d8e709835ab2957831ec81027ccea
SHA1

370ef1265345722504683dc8633a36d93b153729
SHA256

fe074f10c76c6f948e0975761331973876fac8b45a22932e43e2cd27d7a1778e
SHA512

a24ba4170b6cb71032c0b7d7986098e94847380f14b7064749744df0f6491f84eee440f0636cc1173f8956c09ef2af94f31421b8d236836e136b87b728928a3c
SSDEEP

98304:OqyVRREEVsdyhOfpLOhVRlKPzPRhRzHAblnezPVzH2zPMzH:0hAbf9EaJi4

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3468	1.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
536	0c6d8e709835ab2957831ec81027ccea_JaffaCakes118.exe
536	0c6d8e709835ab2957831ec81027ccea_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 3468	536	0c6d8e709835ab2957831ec81027ccea_JaffaCakes118.exe	80
PID 536 wrote to memory of 3468	536	0c6d8e709835ab2957831ec81027ccea_JaffaCakes118.exe	80
PID 536 wrote to memory of 3468	536	0c6d8e709835ab2957831ec81027ccea_JaffaCakes118.exe	80

C:\Users\1.exe

Filesize
616KB

MD5
6b54a5ecf0bcb90d68e2d7c068b0aefa

SHA1
5c321bf697d327097bb57f093d57543ecab88a53

SHA256
08a55ae609026bfb11dafd9f8211de29b831f0aeb0772f84110380a209a6636e

SHA512
06232819a2e026b29256ed8c4ed9100f69a7c7ee0ef5f6d83c1453cdd8cd587494194c2b0a50657cf95416e7d3b6267e5b7f9f1b99a4074c7132c075dcf030be

Download Submit